[tor-dev] Tor Attack Implementations (Master's Thesis: Tor & Mixes)

s7r s7r at sky-ip.org
Sun Feb 8 21:49:57 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



On 2/8/2015 11:39 PM, George Kadianakis wrote:
> Florian Rüchel <florian.ruechel.tor at inexplicity.de> writes:
> 
>> Hi everyone,
>> 
>> I have taken some time and considered my topic for the Master's 
>> Thesis. I have finally decided to write it on integrating 
>> high-latency traffic with the Tor low-latency network (see also 
>> my initial mail and George's response[1]).
>> 
> 
> 
> Hello,
> 
> yes it does sound like an interesting research topic.
> 
>> 
>> My primary research goal is to determine the impact of a mix 
>> network inside Tor, especially on low-latency users of the 
>> network. For this, I plan to use shadow [2] with scallion to 
>> simulate the Tor network. I then want to integrate Mix features 
>> into the network and see how the network reacts to certain 
>> attacks, attacking the mix users as well as the non-mix users. A
>>  crucial part in this evaluation will be to determine whether the
>>  anonymity of regular Tor users might be reduced (for example 
>> just by drawing away users from low- to high-latency traffic) or
>>  whether it might actually be improved (it could attract more 
>> users into the same network).
>> 
> 
> Yes, I'm also wondering whether the anonymity of low-latency Tor 
> would increase if we plugged a high-latency network into it, and 
> also the opposite. I'm curious on whether one network will act as 
> cover traffic for the other, and what kind of adversaries that 
> would fool.
> 
> On this topic you might also enjoy the paper "Sleeping dogs lie on
>  a bed of onions but wake when mixed" by Paul Syverson: 
> https://petsymposium.org/2011/papers/hotpets11-final10Syverson.pdf
> 

Nice paper. Wonder why it isn't in anonbib too. I am used to keep a
bookmark on anonbib as a central repository of anonymity research
papers, so there's my concern :-)

I will add a bibtext entry. If anyone else discovers missing papers
please email me and I will add bibtext entries for them.

>> However, for this evaluation/simulation to work, I need to attack
>> my simulation, i.e. become the adversary and measure the 
>> effectiveness of my attacks. And for this, I need the actual 
>> implementation. So if anyone has access or can direct me to 
>> implementations that I can use, I would be glad for your help.
>> 
> 
> What implementations do you mean?
> 
> I'm curious to how you are going to use simulation here. I also 
> imagine that actually integrating mixminion with Tor on a level 
> that would allow simulation will be non-trivial engineering work.
> 
> In any case, if you have specific Shadow questions, you might want
>  to speak with Rob Jansen who develops Shadow and who is also 
> interested in hidden services research.
> 
>> It would also help me a lot if you can direct me to papers or 
>> articles that have shown specific attacks that are known to work
>>  on the current network.
>> 
>> Finally, I am currently considering using Mixminion as my basis 
>> for a mix network as it seems well designed and addresses a lot 
>> of known attacks. I currently do not plan to evaluate its 
>> security but instead only the effect its usage has on attacks 
>> that work on regular Tor users. However, if anyone can propose a
>>  better mix network to base my work on, please let me know.
>> 
> 
> Hm, not sure how exactly the integration will work here, but 
> mixminion sounds like a decent choice maybe. It's also developed by
> Nick, who is the Tor developer.
> 
> _______________________________________________ tor-dev mailing 
> list tor-dev at lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJU19oFAAoJEIN/pSyBJlsRTa4H/22BAkmm2WE1fxiWq5xphQvM
FcDVIETgJa7pdtFVh9b3gmk07Z2Mz3GyvjX5UF5rfrDEHfWebaw5S+k8M3fvKyB7
pYmX2e2vfUAX3qYyadMEn94yVWNPRRyHoLsA9iscDgOUWzmtHBKmER9yfK9tlEF9
kJP+7/IXgSR5iNoQkLO+uTO/7AaTpYyZRiYfbwBMrSz39NZSaVV0wrCuqzfyVDzL
/ZvQag2C4AdMsDBdTr3Ss/dOSdcLGu0xaToo7gDMtZRHddl/RSVCY76+ASKgSknn
Gjbit7BexUIYk/IHi9xwdXGHoG+tusF6rTudwQxfzuIz4zGGBH83s/OS+IyU/Xw=
=3UrI
-----END PGP SIGNATURE-----


More information about the tor-dev mailing list